House-backed cyber bills head to Senate

WASHINGTON (AP) – The House delivered a strong bipartisan vote Thursday for the Cyber Intelligence Sharing and Protection Act (CISPA) despite a White House veto threat. The bill encourages companies and the federal government to share information collected on the Internet to help prevent electronic attacks from cybercriminals, foreign governments and terrorists.

Now, House Republicans and Democrats are expressing optimism about sending a cybersecurity bill to President Barack Obama this year despite significant disagreements with the Senate and the White House.

The CISPA vote was 248-168, with 42 Democrats joining 206 Republicans in backing the measure.

Advertisement

The House has also approved three other less-divisive cyber-related bills, dealing with cyber research-and-development and updated guidelines for protecting agency computer networks.

“Four bills coming out of the House with strong majorities,” Rep. Mac Thornberry, R-Texas, said Friday. “I really think the burden is on the Senate to do something. They can do big bills, small bills, it really doesn’t matter. Just do something.”

CISPA

The House bill would allow the government to relay cyber threat information to a company to prevent attacks from Russia or China. In the private sector, corporations could alert the government and provide data that could stop an attack intended to disrupt the country’s water supply or take down the banking system.

Faced with widespread privacy concerns, Rep. Mike Rogers, R-Mich., chairman of the House Intelligence Committee, and Ruppersberger pulled together an amendment that limits the government’s use of threat information to five specific purposes: cybersecurity; investigation and prosecution of cybersecurity crimes; protection of individuals from death or serious bodily harm; protection of minors from child pornography; and the protection of national security.

The White House, along with a coalition of liberal and conservative groups and some lawmakers, strongly opposed the bill, complaining that Americans’ privacy could be violated. They argued that companies could share an employee’s personal information with the government, and the data could end up in the hands of officials from the National Security Agency or the Defense Department. They also challenged the bill’s liability waiver for private companies that disclose information, complaining that it was too broad.

Reps. Darrell Issa (R-Calif.) and Elijah Cummings (D-Md.), the chairman and ranking member of the House Oversight and Government Reform Committee, respectively, introduced the legislation last month.

The Federal Information Security Amendments Act of 2012 reestablishes the Office of Management and Budget’s role — as opposed to the Homeland Security Department’s — in developing and overseeing agency cybersecurity guidance.

Cybersecurity Enhancement Act

Introduced by Rep. Michael McCaul (R-Texas), the Cybersecurity Enhancement Act calls for federal agencies that participate in the National High-Performance Computing Program (which is most of the larger departments and agencies) to create a strategic plan for cybersecurity research and development.

The bill, which passed the House in a 395-10 vote, also authorizes appropriations to the National Science Foundation to issue research grants and requires the President to submit a report to Congress describing the cybersecurity workforce needs of the federal government.

The bill, introduced by Rep. Ralph Hall (R-Texas), the chairman of the House Science, Space and Technology Committee, tasks the director of the White House Office of Science and Technology Policy with monitoring agencies’ efforts at allocating funds for and managing their cyber R&D projects.

Focus shifts to Senate

In the Senate, several Democrats and Republicans prefer a bill by Sens. Joe Lieberman (I-Conn.), and Susan Collins (R-Maine), that would give the Homeland Security Department the primary role in overseeing domestic cybersecurity and the authority to set security standards. The House bill does not give Homeland Security that authority. The White House favors the Senate measure, too.

The Senate could act as early as next month on legislation, though it’s uncertain what would emerge in light of internal Senate disputes. House members hope disagreements on a final bill could be settled by a House-Senate conference committee, if not earlier.

“We have a bill; now we start resolving the issues,” Rep. C.A. “Dutch” Ruppersberger of Maryland, the House Intelligence panel’s top Democrat, said Friday. He said he has talked to both the White House and top members of the Senate intelligence panel about moving forward.

Congressional leaders are determined to get a cybersecurity bill completed this election year. More than 10 years after the Sept. 11 terrorist attacks, lawmakers describe it as an initial step to deal with an evolving threat in the Internet age.

(Federal News Radio’s Jack Moore contributed to this report)

This story is part of Federal News Radio’s daily Cybersecurity Update. For more cybersecurity news, click here.

(Copyright 2012 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.)